HPDRG0201E Error code 0x71 after ITAM 6.0 Fixpack upgrade
After upgrading to Fixpack 23 or above, WebSEAL fails to start with this error:
2012-05-01-11:35:31.468-05:00I----- 0x16B480C9 webseald ERROR rgy ira ira_handle.c 430 0x00000001
HPDRG0201E Error code 0x71 was received from the LDAP server. Error text: "SSL initialization call failed".
Symptom: WEBSEAL process inherits root user group membership
Diagnosing the problem
The KDB and STH files used for SSL to LDAP were owned by root, which is a security vulnerability.
Resolving the problem
No files should be owned by root. However, a bug that allowed WebSEAL to read files owned by root was discovered and fixed in Fixpack 23 for Access Manager 6.0. After the upgrade, the KDB and STH files, which had root:system ownership, caused WebSEAL not to start.
In this case, the ownership of the files was changed to ivmgr:ivmgr, which solved the issue.
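The ownership check behind this fix can be scripted and run before and after a Fixpack upgrade. The following is an added example, not IBM's code: the function names are hypothetical, the key database path is supplied by the caller, and the stash file is assumed to sit beside the key database with the same base name and a .sth extension.

```shell
#!/bin/sh
# Added example: verify ownership of the LDAP SSL key database and stash file.
# Usage: sh check_keyfiles.sh /path/to/keyfile.kdb [owner:group]
# The default owner:group is ivmgr:ivmgr, the value used in the fix above.

# Print "owner:group" for a file; ls -ld is used so this works on AIX and Linux.
owner_of() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Check the .kdb file and its matching .sth stash file.
# Returns the number of problems found (0 means both files are fine).
check_ldap_keyfiles() {
    kdb=$1
    want=${2:-ivmgr:ivmgr}
    sth=${kdb%.kdb}.sth      # assumption: stash file is next to the key database
    problems=0
    for f in "$kdb" "$sth"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        have=$(owner_of "$f")
        if [ "$have" = "$want" ]; then
            echo "OK       $f ($have)"
        else
            echo "MISMATCH $f is $have, expected $want"
            echo "         fix: chown $want $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run the check only when a key database path is given on the command line.
if [ $# -ge 1 ]; then
    check_ldap_keyfiles "$@"
fi
```

A non-zero exit status means at least one of the two files is missing or not owned by the expected user and group.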